From b2a198ce39569687e277f794f189299c530a0021 Mon Sep 17 00:00:00 2001
From: Han-Wen Nienhuys <hanwen@google.com>
Date: Thu, 12 Dec 2013 11:25:17 -0500
Subject: [PATCH] crypto/cipher: speed up gcmInc32.

The counter is not secret, so the code does not need to be
constant time.

benchmark                    old MB/s     new MB/s  speedup
BenchmarkAESGCMSeal1K           89.90        92.84    1.03x
BenchmarkAESGCMOpen1K           89.16        92.30    1.04x

R=agl
CC=golang-dev
https://golang.org/cl/40690046
---
 src/pkg/crypto/cipher/gcm.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/pkg/crypto/cipher/gcm.go b/src/pkg/crypto/cipher/gcm.go
index 122cd41ca2..2f748f02f7 100644
--- a/src/pkg/crypto/cipher/gcm.go
+++ b/src/pkg/crypto/cipher/gcm.go
@@ -258,11 +258,11 @@ func (g *gcm) update(y *gcmFieldElement, data []byte) {
 // gcmInc32 treats the final four bytes of counterBlock as a big-endian value
 // and increments it.
 func gcmInc32(counterBlock *[16]byte) {
-	c := 1
 	for i := gcmBlockSize - 1; i >= gcmBlockSize-4; i-- {
-		c += int(counterBlock[i])
-		counterBlock[i] = byte(c)
-		c >>= 8
+		counterBlock[i]++
+		if counterBlock[i] != 0 {
+			break
+		}
 	}
 }
 
-- 
2.50.0